| Question | Answer |
|---|---|
| RPO | Recovery Point Objective - The maximum amount of data (measured in time) that can be lost after a recovery from a disaster, failure or comparable event, e.g. if an org can only afford to lose 1 day of data, its RPO is 24 hours. |
| KRI | Key Risk Indicator - KRIs are used to measure risk, rather than system performance |
| SLE | Single Loss Expectancy - The cost associated with each individual realization of a threat - Derived from Asset Value multiplied by Exposure Factor: SLE = AV * EF; ALE = SLE * ARO |
| AV | Asset Value - The cost associated with an asset |
| EF | Exposure Factor - The portion of the asset's value that is lost if a threat is realized (the example given was a %) |
| ALE | Annual Loss Expectancy - The expected cost of a realized threat over a given year: ALE = SLE * ARO |
| ARO | Annualized Rate of Occurrence - An estimate of how many times per year a given threat might be realized: ALE = SLE * ARO |
| NPV | Net Present Value - A financial estimate of value that weighs the cost of the money spent today against the savings it produces in the future (Note: money's value changes over time) |
| TCO | Total Cost of Ownership - A financial estimate that considers not just the sticker price of a product/service, but also the other costs of ownership, such as maintenance, parts and labor |
| MTTR | Mean Time to Recovery/Repair - The average time that a device will take to recover from any failure |
| MTBF | Mean Time Between Failures - The predicted average time that will elapse between failures of a component during normal system operation |
| HIPAA | Health Insurance Portability and Accountability Act - USA - Affects anyone who holds protected medical information and concerns securing that protected medical information |
| SOX | Sarbanes-Oxley - USA - Affects publicly traded companies and concerns accounting guidelines and proper financial reporting |
| GLBA | Gramm-Leach-Bliley Act of 1999 - USA - Affects financial institutions, protecting PII and setting guidelines for sharing financial information with third parties |
| FISMA | Federal Information Security Management Act of 2002 - USA - Affects federal agencies and requires them to develop, document and implement an agency-wide information system security program |
| FERPA | Family Educational Rights and Privacy Act - USA - Affects any institution with student education records, i.e. schools, universities |
| COPPA | Children's Online Privacy Protection Act - USA - Imposes requirements on website owners and online services directed at children 13 and under |
| PIPEDA | Personal Information Protection and Electronic Documents Act - Canada - Requires organizations to obtain consent when they collect, use or disclose personally identifiable information (PII) and to have clear, understandable and readily available policies for customers to read |
| GDPR | General Data Protection Regulation - EU - Regulation stating that personal data cannot be collected, processed or retained without an individual's consent. It also allows an individual to withdraw their consent and be forgotten |
| PCI DSS | Payment Card Industry Data Security Standard - global? - A standard developed by the payment card industry (Visa, Mastercard, etc.). Any organization that collects, stores or processes credit card customer information is required to follow it. |
| ISO | International Organization for Standardization - A group of standards created as a series of best practices across multiple industries |
| CMMI | Capability Maturity Model Integration - |